WireGuard gateway setup
=======================

WireGuard securely encapsulates IP packets over UDP. You add a WireGuard interface, configure it with your private key and your peers' public keys, and then you send packets across it. It's that easy. Compared to OpenVPN, IPsec, or even tinc, this is by far the easiest to configure.

--------------

*Adapted from a mail conversation*

In this particular setup we have a listening server and a client. The client tunnels all IP traffic (wildcard 0.0.0.0/0) through the WireGuard interface. The server only accepts connections from one IP (and furthermore checks that the key is OK).

Generate public and private keys for client and server
******************************************************

The following commands create a private key with a corresponding public key. The ``umask 077`` makes the key files readable only by their owner. Create a key pair for both the server and your client::

    umask 077
    wg genkey | tee private.key | wg pubkey > public.key

My configuration files are as follows:
**************************************

A server with virtual IP 172.16.16.1 (you can use any local LAN IP) is listening on port 51820. Right now, it only accepts connections from one peer (172.16.16.2). Traffic from other peers or with invalid keys is dropped. The server config is as follows::

    [Interface]
    Address = 172.16.16.1/24
    ListenPort = 51820
    PrivateKey = xxxxxxxx

    [Peer]
    PublicKey = xxxxxxxxxxxxxx
    AllowedIPs = 172.16.16.2/32

On the client side, we have a client with virtual IP 172.16.16.2. For its peer, we have set the wildcard 0.0.0.0/0 as ``AllowedIPs``. The endpoint is our server. All traffic is sent through this tunnel (except for maybe LAN traffic)::

    [Interface]
    Address = 172.16.16.2/32
    PrivateKey = xxxxxxxxx
    DNS = 8.8.8.8

    [Peer]
    PublicKey = xxxxxxxxxxxxxx
    Endpoint = 1.2.3.4:51820
    AllowedIPs = 0.0.0.0/0
    PersistentKeepalive = 21

Running
*******

You can start and stop your client/server with the wg-quick tool (if you compile WireGuard yourself, remember to build this tool as well). A bare interface name such as ``wg0`` is looked up as ``/etc/wireguard/wg0.conf``; a config file elsewhere must be given as a path::

    # config file in the current directory, passed as a path
    wg-quick up ./wg0.conf
    wg-quick down ./wg0.conf
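How the ``AllowedIPs`` lines in the two configs above decide which packets are accepted and where outgoing packets go, as an added example (not part of the original page and not WireGuard's own code). It is a simplified Python model: the keys are placeholders, the second server peer ``CLIENT_B_PUBKEY`` is hypothetical, and the function names are made up for illustration.

```python
import ipaddress

# Constructed configs: same addresses as on this page, placeholder keys,
# plus one hypothetical second peer (CLIENT_B_PUBKEY) on the server.
SERVER_CONF = """
[Interface]
Address = 172.16.16.1/24
ListenPort = 51820
[Peer]
PublicKey = CLIENT_A_PUBKEY
AllowedIPs = 172.16.16.2/32
[Peer]
PublicKey = CLIENT_B_PUBKEY
AllowedIPs = 172.16.16.3/32
"""
CLIENT_CONF = """
[Peer]
PublicKey = SERVER_PUBKEY
Endpoint = 1.2.3.4:51820
AllowedIPs = 0.0.0.0/0
"""

def parse_peers(conf):
    """Map each [Peer] PublicKey to its list of AllowedIPs networks."""
    sections = []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            sections.append({"type": [line.strip("[]").lower()]})
        elif "=" in line and sections:
            name, _, value = line.partition("=")  # first "=" only: base64 keys end in "="
            sections[-1].setdefault(name.strip().lower(), []).append(value.strip())
    return {s["publickey"][0]: [ipaddress.ip_network(n.strip(), strict=False)
                                for n in ",".join(s.get("allowedips", [])).split(",") if n.strip()]
            for s in sections if s["type"] == ["peer"]}

def accept_inbound(peers, sender_key, inner_src):
    """Receive path: a packet authenticated as sender_key is kept only if its
    inner source address falls inside that peer's AllowedIPs."""
    src = ipaddress.ip_address(inner_src)
    return any(src in net for net in peers.get(sender_key, []))

def route_outbound(peers, dst):
    """Send path: peer with the longest AllowedIPs prefix covering dst, else None."""
    dst = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, key) for key, nets in peers.items()
            for net in nets if dst in net]
    return max(hits)[1] if hits else None
```

In this model a peer with a valid key still cannot use another peer's tunnel address as its source, and the client's ``0.0.0.0/0`` matches IPv4 destinations only, so an IPv6 destination is not routed into the tunnel unless ``::/0`` is also listed.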